Merge branch '__acl_improvements_vol2' into 'master'

__acl improvements vol 2

See merge request ungleich-public/cdist!780

cdist/conf/type/__acl/explorer/checks

@@ -18,7 +18,7 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 
-[ ! -e "/$__object_id" ] && exit 0
+# TODO check if filesystem has ACL turned on etc
 
 for parameter in user group
 do
@@ -40,7 +40,8 @@ do
 
         if ! getent "$getent_db" "$check" > /dev/null
         then
-            echo "missing $parameter '$check'"
+            echo "missing $parameter '$check'" >&2
+            exit 1
         fi
     done \
         < "$__object/parameter/$parameter"

cdist/conf/type/__acl/gencode-remote

@@ -20,15 +20,7 @@
 
 file_is="$( cat "$__object/explorer/file_is" )"
 
-[ "$file_is" = 'missing' ] && exit 0
-
-missing_users_groups="$( cat "$__object/explorer/missing_users_groups" )"
-
-if [ -n "$missing_users_groups" ]
-then
-    echo "$missing_users_groups" >&2
-    exit 1
-fi
+[ "$file_is" = 'missing' ] && [ -z "$__cdist_dry_run" ] && exit 0
 
 os="$( cat "$__global/explorer/os" )"
 
@@ -56,7 +48,7 @@ do
         then
             [ "$file_is" = 'directory' ] && rep=x || rep=-
 
-            acl="$( echo "$acl" | sed "s/\(.*\)X/\1$rep/" )"
+            acl="$( echo "$acl" | sed "s/\\(.*\\)X/\\1$rep/" )"
         fi
 
         echo "$parameter" | grep -Eq '(mask|other)' && sep=:: || sep=:
@@ -72,7 +64,7 @@ setfacl_exec='setfacl'
 
 if [ -f "$__object/parameter/recursive" ]
 then
-    if echo "$os" | grep -Eq 'macosx|freebsd'
+    if echo "$os" | grep -Fq 'freebsd'
     then
         echo "$os setfacl do not support recursive operations" >&2
     else
@@ -82,13 +74,6 @@ fi
 
 if [ -f "$__object/parameter/remove" ]
 then
-    if echo "$os" | grep -Fq 'solaris'
-    then
-        # Solaris setfacl behaves differently.
-        # We will not support Solaris for now, because no way to test it.
-        # But adding support should be easy (use -s instead of -m on modify).
-        echo "$os setfacl do not support -x flag for ACL remove" >&2
-    else
     echo "$acl_is" | while read -r acl
     do
         # Skip wanted ACL entries which already exist
@@ -99,7 +84,7 @@ then
         then continue
         fi
 
-            if echo "$os" | grep -Eq 'macosx|freebsd'
+        if echo "$os" | grep -Fq 'freebsd'
         then
             remove="$acl"
         else
@@ -109,14 +94,13 @@ then
         echo "$setfacl_exec -x \"$remove\" \"$acl_path\""
         echo "removed '$remove'" >> "$__messages_out"
     done
-    fi
 fi
 
 for acl in $acl_should
 do
     if ! echo "$acl_is" | grep -Eq "^$acl"
     then
-        if echo "$os" | grep -Eq 'macosx|freebsd' \
+        if echo "$os" | grep -Fq 'freebsd' \
             && echo "$acl" | grep -Eq '^default:'
         then
             echo "setting default ACL in $os is currently not supported. sorry :(" >&2

cdist/conf/type/__acl/man.rst

@@ -10,11 +10,7 @@ DESCRIPTION
 -----------
 ACL must be defined as 3-symbol combination, using ``r``, ``w``, ``x`` and ``-``.
 
-Fully supported on Linux (tested on Debian and CentOS).
-
-Partial support for FreeBSD, OSX and Solaris.
-
-OpenBSD and NetBSD support is not possible.
+Fully supported and tested on Linux (ext4 filesystem), partial support for FreeBSD.
 
 See ``setfacl`` and ``acl`` manpages for more details.